Update docs: corrections, turn buffer docs into manpage, fold SHA1

pages into one for improved readability, add lhash manpage
2000-01-30 22:16:47 +00:00 · 2000-01-30 22:16:47 +00:00 · 74235cc9ec
commit 74235cc9ec
parent da0fc5bf0f
20 changed files with 354 additions and 144 deletions
--- a/2
+++ b/2
@ -31,6 +31,8 @@
      o Memory leak detection now allows applications to add extra information
        via a per-thread stack
      o PRNG robustness improved
      o Enhanced support for Alpha Linux
      o Experimental MacOS support
  Major changes between OpenSSL 0.9.3 and OpenSSL 0.9.4:
--- a/doc/apps/openssl.pod
+++ b/doc/apps/openssl.pod
@ -228,7 +228,7 @@ RC5 Cipher
 L<asn1parse(1)|asn1parse(1)>, L<ca(1)|ca(1)>, L<config(5)|config(5)>,
 L<crl(1)|crl(1)>, L<crl2pkcs7(1)|crl2pkcs7(1)>, L<dgst(1)|dgst(1)>,
-L<dh(1)|dh(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
+L<dhparam(1)|dhparam(1)>, L<dsa(1)|dsa(1)>, L<dsaparam(1)|dsaparam(1)>,
 L<enc(1)|enc(1)>, L<gendh(1)|gendh(1)>, L<gendsa(1)|gendsa(1)>,
 L<genrsa(1)|genrsa(1)>, L<nseq(1)|nseq(1)>, L<openssl(1)|openssl(1)>,
 L<pkcs12(1)|pkcs12(1)>, L<pkcs7(1)|pkcs7(1)>, L<pkcs8(1)|pkcs8(1)>,
--- a/doc/crypto/DH_get_ex_new_index.pod
+++ b/doc/crypto/DH_get_ex_new_index.pod
@ -30,7 +30,7 @@ L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
 =head1 HISTORY
-RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data() are
+DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
 available since OpenSSL 0.9.5.
 =cut
--- a/doc/crypto/DSA_do_sign.pod
+++ b/doc/crypto/DSA_do_sign.pod
@ -36,7 +36,8 @@ L<ERR_get_error(3)|ERR_get_error(3)>.
 =head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
 L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
 L<DSA_sign(3)|DSA_sign(3)>
 =head1 HISTORY
--- a/doc/crypto/DSA_dup_DH.pod
+++ b/doc/crypto/DSA_dup_DH.pod
@ -21,6 +21,10 @@ contain its length.
 DSA_dup_DH() returns the new B<DH> structure, and NULL on error. The
 error codes can be obtained by L<ERR_get_error(3)|ERR_get_error(3)>.
 =head1 NOTE
 Be careful to avoid small subgroup attacks when using this.
 =head1 SEE ALSO
 L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
--- a/doc/crypto/DSA_get_ex_new_index.pod
+++ b/doc/crypto/DSA_get_ex_new_index.pod
@ -30,7 +30,7 @@ L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dsa(3)|dsa(3)>
 =head1 HISTORY
-DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+DSA_get_ex_new_index(), DSA_set_ex_data() and DSA_get_ex_data() are
 available since OpenSSL 0.9.5.
 =cut
--- a/doc/crypto/DSA_set_method.pod
+++ b/doc/crypto/DSA_set_method.pod
@ -68,9 +68,9 @@ struct
                                 BN_CTX *ctx, BN_MONT_CTX *in_mont);
     /* compute r = a ^ p mod m. May be NULL */
-	int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+        int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a,
-                                 const BIGNUM *m, BN_CTX *ctx,
+                                 const BIGNUM *p, const BIGNUM *m,
-                                 BN_MONT_CTX *m_ctx);
+                                 BN_CTX *ctx, BN_MONT_CTX *m_ctx);
     /* called at DSA_new */
        int (*init)(DSA *DSA);
--- a/doc/crypto/DSA_sign.pod
+++ b/doc/crypto/DSA_sign.pod
@ -38,6 +38,9 @@ B<dsa> is the signer's public key.
 The B<type> parameter is ignored.
 The PRNG must be seeded before DSA_sign() (or DSA_sign_setup())
 is called.
 =head1 RETURN VALUES
 DSA_sign() and DSA_sign_setup() return 1 on success, 0 on error.
@ -52,7 +55,8 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
-L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
 L<DSA_do_sign(3)|DSA_do_sign(3)>
 =head1 HISTORY
--- a/doc/crypto/RAND_load_file.pod
+++ b/doc/crypto/RAND_load_file.pod
@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
 #include <openssl/rand.h>
- char *RAND_file_name(char *buf, int num);
+ const char *RAND_file_name(char *buf, int num);
 int RAND_load_file(const char *filename, long max_bytes);
--- a/doc/crypto/RSA_print.pod
+++ b/doc/crypto/RSA_print.pod
@ -14,6 +14,8 @@ cryptographic parameters
 #include <openssl/dsa.h>
 int DSAparams_print(BIO *bp, DSA *x);
 int DSAparams_print_fp(FILE *fp, DSA *x);
 int DSA_print(BIO *bp, DSA *x, int offset);
 int DSA_print_fp(FILE *fp, DSA *x, int offset);
@ -25,7 +27,7 @@ cryptographic parameters
 =head1 DESCRIPTION
 A human-readable hexadecimal output of the components of the RSA
-key, DSA key or DH parameters is printed to B<bp> or B<fp>.
+key, DSA parameters or key or DH parameters is printed to B<bp> or B<fp>.
 The output lines are indented by B<offset> spaces.
@ -41,5 +43,6 @@ L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<rsa(3)|rsa(3)>, L<BN_bn2bin(3)|BN_bn2bin(3)>
 RSA_print(), RSA_print_fp(), DSA_print(), DSA_print_fp(), DH_print(),
 DH_print_fp() are available in all versions of SSLeay and OpenSSL.
 DSAparams_print() and DSAparams_print_pf() were added in SSLeay 0.8.
 =cut
--- a/doc/crypto/SHA1.pod
+++ b/doc/crypto/SHA1.pod
@ -1,36 +0,0 @@
 =pod
 =head1 NAME
 SHA1 - Compute SHA1 hash
 =head1 SYNOPSIS
 #include <openssl/sha.h>
 unsigned char *SHA1(const unsigned char *d, unsigned long n,
                     unsigned char *md);
 =head1 DESCRIPTION
 SHA1() computes the SHA-1 message digest of the B<n> bytes at B<d> and
 places it in B<md> (which must have space for SHA_DIGEST_LENGTH == 20
 bytes of output). If B<md> is NULL, the digest is placed in a static
 array.
 L<SHA1_Init(3)|SHA1_Init(3)> may be used if the message is not completely
 stored in memory.
 =head1 RETURN VALUE
 SHA1() returns a pointer to the hash value. 
 =head1 HISTORY
 SHA1() is available in all versions of SSLeay and OpenSSL.
 =head1 SEE ALSO
 L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<SHA1_Init(3)|SHA1_Init(3)>
 =cut
--- a/doc/crypto/SHA1_Init.pod
+++ b/doc/crypto/SHA1_Init.pod
@ -1,42 +0,0 @@
 =pod
 =head1 NAME
 SHA1_Init, SHA1_Update_SHA1_Final - Compute SHA1 hash
 =head1 SYNOPSIS
 #include <openssl/sha.h>
 void SHA1_Init(SHA_CTX *c);
 void SHA1_Update(SHA_CTX *c, const unsigned char *data,
                  unsigned long len);
 void SHA1_Final(unsigned char *md, SHA_CTX *c);
 =head1 DESCRIPTION
 SHA1_Init() initializes a B<SHA_CTX> structure.
 SHA1_Update() can be called repeatedly with chunks of the message to
 be hashed (B<len> bytes at B<data>).
 SHA1_Final() places the message digest in B<md>, which must have space
 for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
 When the entire message is available at one time, L<SHA1(3)|SHA1(3)>
 can be used.
 =head1 RETURN VALUES
 SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
 =head1 HISTORY
 SHA1_Init(), SHA1_Update() and SHA1_Final()are available in all
 versions of SSLeay and OpenSSL.
 =head1 SEE ALSO
 L<sha(3)|sha(3)>, L<ripemd(3)|ripemd(3)>, L<SHA1(3)|SHA1(3)>
 =cut
--- a/doc/crypto/buffer.pod
+++ b/doc/crypto/buffer.pod
@ -0,0 +1,73 @@
 =pod
 =head1 NAME
 BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup - Simple
 character arrays structure
 =head1 SYNOPSIS
 #include <openssl/buffer.h>
 BUF_MEM *BUF_MEM_new(void);
 void	BUF_MEM_free(BUF_MEM *a);
 int	BUF_MEM_grow(BUF_MEM *str, int len);
 char *	BUF_strdup(const char *str);
 =head1 DESCRIPTION
 The buffer library handles simple character arrays. Buffers are used for
 various purposes in the library, most notably memory BIOs.
 The library uses the BUF_MEM structure defined in buffer.h:
 typedef struct buf_mem_st
 {
        int length;     /* current number of bytes */
        char *data;
        int max;        /* size of buffer */
 } BUF_MEM;
 B<length> is the current size of the buffer in bytes, B<max> is the amount of
 memory allocated to the buffer. There are three functions which handle these
 and one "miscellaneous" function.
 BUF_MEM_new() allocates a new buffer of zero size.
 BUF_MEM_free() frees up an already existing buffer. The data is zeroed
 before freeing up in case the buffer contains sensitive data.
 BUF_MEM_grow() changes the size of an already existing buffer to
 B<len>. Any data already in the buffer is preserved if it increases in
 size.
 BUF_strdup() copies a null terminated string into a block of allocated
 memory and returns a pointer to the allocated block.
 Unlike the standard C library strdup() this function uses Malloc() and so
 should be used in preference to the standard library strdup() because it can
 be used for memory leak checking or replacing the malloc() function.
 The memory allocated from BUF_strdup() should be freed up using the Free()
 function.
 =head1 RETURN VALUES
 BUF_MEM_new() returns the buffer or NULL on error.
 BUF_MEM_free() has no return value.
 BUF_MEM_grow() returns zero on error or the new size (i.e. B<len>).
 =head1 SEE ALSO
 L<bio(3)|bio(3)>
 =head1 HISTORY
 BUF_MEM_new(), BUF_MEM_free() and BUF_MEM_grow() are available in all
 versions of SSLeay and OpenSSL. BUF_strdup() was addded in SSLeay 0.8.
 =cut
--- a/doc/crypto/dsa.pod
+++ b/doc/crypto/dsa.pod
@ -92,6 +92,13 @@ Standard, DSS), ANSI X9.30
 =head1 SEE ALSO
 L<bn(3)|bn(3)>, L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
-L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>
+L<rsa(3)|rsa(3)>, L<sha(3)|sha(3)>, L<DSA_new(3)|DSA_new(3)>,
 L<DSA_size(3)|DSA_size(3)>,
 L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
 L<DSA_dup_DH(3)|DSA_dup_DH(3)>,
 L<DSA_generate_key(3)|DSA_generate_key(3)>,
 L<DSA_sign(3)|DSA_sign(3)>, L<DSA_set_method(3)|DSA_set_method(3)>,
 L<DSA_get_ex_new_index(3)|DSA_get_ex_new_index(3)>,
 L<RSA_print(3)|RSA_print(3)>
 =cut
--- a/doc/crypto/lh_stats.pod
+++ b/doc/crypto/lh_stats.pod
@ -0,0 +1,60 @@
 =pod
 =head1 NAME
 lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
 lh_node_stats_bio, lh_node_usage_stats_bio - LHASH statistics
 =head1 SYNOPSIS
 #include <openssl/lhash.h>
 void lh_stats(LHASH *table, FILE *out);
 void lh_node_stats(LHASH *table, FILE *out);
 void lh_node_usage_stats(LHASH *table, FILE *out);
 void lh_stats_bio(LHASH *table, BIO *out);
 void lh_node_stats_bio(LHASH *table, BIO *out);
 void lh_node_usage_stats_bio(LHASH *table, BIO *out);
 =head1 DESCRIPTION
 The B<LHASH> structure records statistics about most aspects of
 accessing the hash table.  This is mostly a legacy of Eric Young
 writing this library for the reasons of implementing what looked like
 a nice algorithm rather than for a particular software product.
 lh_stats() prints out statistics on the size of the hash table, how
 many entries are in it, and the number and result of calls to the
 routines in this library.
 lh_node_stats() prints the number of entries for each 'bucket' in the
 hash table.
 lh_node_usage_stats() prints out a short summary of the state of the
 hash table.  It prints the 'load' and the 'actual load'.  The load is
 the average number of data items per 'bucket' in the hash table.  The
 'actual load' is the average number of items per 'bucket', but only
 for buckets which contain entries.  So the 'actual load' is the
 average number of searches that will need to find an item in the hash
 table, while the 'load' is the average number that will be done to
 record a miss.
 lh_stats_bio(), lh_node_stats_bio() and lh_node_usage_stats_bio()
 are the same as the above, except that the output goes to a B<BIO>.
 =head1 RETURN VALUES
 These functions do not return values.
 =head1 SEE ALSO
 L<bio(3)|bio(3)>, L<lhash(3)|lhash(3)>
 =head1 HISTORY
 These functions are available in all versions of SSLeay and OpenSSL.
 This manpage is derived from the SSLeay documentation.
 =cut
--- a/doc/crypto/lhash.pod
+++ b/doc/crypto/lhash.pod
@ -0,0 +1,155 @@
 =pod
 =head1 NAME
 lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
 lh_doall_arg, lh_error - Dynamic hash table
 =head1 SYNOPSIS
 #include <openssl/lhash.h>
 LHASH *lh_new(unsigned long (*hash)(/*void *a*/),
          int (*compare)(/*void *a,void *b*/));
 void lh_free(LHASH *table);
 void *lh_insert(LHASH *table, void *data);
 void *lh_delete(LHASH *table, void *data);
 void *lh_retrieve(LHASH *table, void *data);
 void lh_doall(LHASH *table, void (*func)(/*void *b*/));
 void lh_doall_arg(LHASH *table, void (*func)(/*void *a,void *b*/),
          void *arg);
 int lh_error(LHASH *table);
 =head1 DESCRIPTION
 This library implements dynamic hash tables. The hash table entries
 can be arbitrary structures. Usually they consist of key and value
 fields.
 lh_new() creates a new B<LHASH> structure. B<hash> takes a pointer to
 the structure and returns an unsigned long hash value of its key
 field. The hash value is normally truncated to a power of 2, so make
 sure that your hash function returns well mixed low order
 bits. B<compare> takes two arguments, and returns 0 if their keys are
 equal, non-zero otherwise.
 lh_free() frees the B<LHASH> structure B<table>. Allocated hash table
 entries will not be freed; consider using lh_doall() to deallocate any
 remaining entries in the hash table.
 lh_insert() inserts the structure pointed to by B<data> into B<table>.
 If there already is an entry with the same key, the old value is
 replaced. Note that lh_insert() stores pointers, the data are not
 copied.
 lh_delete() deletes an entry from B<table>.
 lh_retrieve() looks up an entry in B<table>. Normally, B<data> is
 a structure with the key field(s) set; the function will return a
 pointer to a fully populated structure.
 lh_doall() will, for every entry in the hash table, call B<func> with
 the data item as parameters.
 This function can be quite useful when used as follows:
 void cleanup(STUFF *a)
  { STUFF_free(a); }
 lh_doall(hash,cleanup);
 lh_free(hash);
 This can be used to free all the entries. lh_free() then cleans up the
 'buckets' that point to nothing. When doing this, be careful if you
 delete entries from the hash table in B<func>: the table may decrease
 in size, moving item that you are currently on down lower in the hash
 table.  This could cause some entries to be skipped.  The best
 solution to this problem is to set hash-E<gt>down_load=0 before you
 start.  This will stop the hash table ever being decreased in size.
 lh_doall_arg() is the same as lh_doall() except that B<func> will
 be called with B<arg> as the second argument.
 lh_error() can be used to determine if an error occured in the last
 operation. lh_error() is a macro.
 =head1 RETURN VALUES
 lh_new() returns B<NULL> on error, otherwise a pointer to the new
 B<LHASH> structure.
 When a hash table entry is replaced, lh_insert() returns the value
 being replaced. B<NULL> is returned on normal operation and on error.
 lh_delete() returns the entry being deleted.  B<NULL> is returned if
 there is no such value in the hash table.
 lh_retrieve() returns the hash table entry if it has been found,
 B<NULL> otherwise.
 lh_error() returns 1 if an error occurred in the last operation, 0
 otherwise.
 lh_free(), lh_doall() and lh_doall_arg() return no values.
 =head1 BUGS
 lh_insert() returns B<NULL> both for success and error.
 =head1 INTERNALS
 The following description is based on the SSLeay documentation:
 The B<lhash> library implements a hash table described in the
 I<Communications of the ACM> in 1991.  What makes this hash table
 different is that as the table fills, the hash table is increased (or
 decreased) in size via Realloc().  When a 'resize' is done, instead of
 all hashes being redistributed over twice as many 'buckets', one
 bucket is split.  So when an 'expand' is done, there is only a minimal
 cost to redistribute some values.  Subsequent inserts will cause more
 single 'bucket' redistributions but there will never be a sudden large
 cost due to redistributing all the 'buckets'.
 The state for a particular hash table is kept in the B<LHASH> structure.
 The decision to increase or decrease the hash table size is made
 depending on the 'load' of the hash table.  The load is the number of
 items in the hash table divided by the size of the hash table.  The
 default values are as follows.  If (hash->up_load E<lt> load) =E<gt>
 expand.  if (hash-E<gt>down_load E<gt> load) =E<gt> contract.  The
 B<up_load> has a default value of 1 and B<down_load> has a default value
 of 2.  These numbers can be modified by the application by just
 playing with the B<up_load> and B<down_load> variables.  The 'load' is
 kept in a form which is multiplied by 256.  So
 hash-E<gt>up_load=8*256; will cause a load of 8 to be set.
 If you are interested in performance the field to watch is
 num_comp_calls.  The hash library keeps track of the 'hash' value for
 each item so when a lookup is done, the 'hashes' are compared, if
 there is a match, then a full compare is done, and
 hash-E<gt>num_comp_calls is incremented.  If num_comp_calls is not equal
 to num_delete plus num_retrieve it means that your hash function is
 generating hashes that are the same for different values.  It is
 probably worth changing your hash function if this is the case because
 even if your hash table has 10 items in a 'bucket', it can be searched
 with 10 B<unsigned long> compares and 10 linked list traverses.  This
 will be much less expensive that 10 calls to you compare function.
 lh_strhash() is a demo string hashing function:
 unsigned long lh_strhash(const char *c);
 Since the B<LHASH> routines would normally be passed structures, this
 routine would not normally be passed to lh_new(), rather it would be
 used in the function passed to lh_new().
 =head1 SEE ALSO
 L<lh_stats(3)|lh_stats(3)>
 =head1 HISTORY
 The B<lhash> library is available in all versions of SSLeay and OpenSSL.
 lh_error() was added in SSLeay 0.9.1b.
 This manpage is derived from the SSLeay documentation.
 =cut
--- a/doc/crypto/rand.pod
+++ b/doc/crypto/rand.pod
@ -17,7 +17,7 @@ rand - Pseudo-random number generator
 int  RAND_load_file(const char *file,long max_bytes);
 int  RAND_write_file(const char *file);
- char *RAND_file_name(char *file,int num);
+ const char *RAND_file_name(char *file,int num);
 void RAND_set_rand_method(RAND_METHOD *meth);
 RAND_METHOD *RAND_get_rand_method(void);
--- a/doc/crypto/sha.pod
+++ b/doc/crypto/sha.pod
@ -2,7 +2,7 @@
 =head1 NAME
-sha - Secure Hash Algorithm
+SHA1, SHA1_Init, SHA1_Update, SHA1_Final - Secure Hash Algorithm
 =head1 SYNOPSIS
@ -21,9 +21,31 @@ sha - Secure Hash Algorithm
 SHA-1 (Secure Hash Algorithm) is a cryptographic hash function with a
 160 bit output.
 SHA1() computes the SHA-1 message digest of the B<n>
 bytes at B<d> and places it in B<md> (which must have space for
 SHA_DIGEST_LENGTH == 20 bytes of output). If B<md> is NULL, the digest
 is placed in a static array.
 The following functions may be used if the message is not completely
 stored in memory:
 SHA1_Init() initializes a B<SHA_CTX> structure.
 SHA1_Update() can be called repeatedly with chunks of the message to
 be hashed (B<len> bytes at B<data>).
 SHA1_Final() places the message digest in B<md>, which must have space
 for SHA_DIGEST_LENGTH == 20 bytes of output, and erases the B<SHA_CTX>.
 The predecessor of SHA-1, SHA, is also implemented, but it should be
 used only when backward compatibility is required.
 =head1 RETURN VALUES
 SHA1() returns a pointer to the hash value. 
 SHA1_Init(), SHA1_Update() and SHA1_Final() do not return values.
 =head1 CONFORMING TO
 US Federal Information Processing Standard FIPS 180 (Secure Hash
@ -31,6 +53,11 @@ Standard), ANSI X9.30
 =head1 SEE ALSO
-L<ripemd(3)|ripemd(3)>, L<SHA1(3)|SHA1(3)>, L<SHA1_Init(3)|SHA1_Init(3)>
+L<ripemd(3)|ripemd(3)>
 =head1 HISTORY
 SHA1(), SHA1_Init(), SHA1_Update() and SHA1_Final() are available in all
 versions of SSLeay and OpenSSL.
 =cut
--- a/doc/openssl.txt
+++ b/doc/openssl.txt
@ -1,54 +1,6 @@
 This is some preliminary documentation for OpenSSL.
 ==============================================================================
                            BUFFER Library
 ==============================================================================
 The buffer library handles simple character arrays. Buffers are used for
 various purposes in the library, most notably memory BIOs.
 The library uses the BUF_MEM structure defined in buffer.h:
 typedef struct buf_mem_st
 {
        int length;     /* current number of bytes */
        char *data;
        int max;        /* size of buffer */
 } BUF_MEM;
 'length' is the current size of the buffer in bytes, 'max' is the amount of
 memory allocated to the buffer. There are three functions which handle these
 and one "miscellaneous" function.
 BUF_MEM *BUF_MEM_new()
 This allocates a new buffer of zero size. Returns the buffer or NULL on error.
 void BUF_MEM_free(BUF_MEM *a)
 This frees up an already existing buffer. The data is zeroed before freeing
 up in case the buffer contains sensitive data.
 int BUF_MEM_grow(BUF_MEM *str, int len)
 This changes the size of an already existing buffer. It returns zero on error
 or the new size (i.e. 'len'). Any data already in the buffer is preserved if
 it increases in size.
 char * BUF_strdup(char *str)
 This is the previously mentioned strdup function: like the standard library
 strdup() it copies a null terminated string into a block of allocated memory
 and returns a pointer to the allocated block.
 Unlike the standard C library strdup() this function uses Malloc() and so
 should be used in preference to the standard library strdup() because it can
 be used for memory leak checking or replacing the malloc() function.
 The memory allocated from BUF_strdup() should be freed up using the Free()
 function.
 ==============================================================================
               OpenSSL X509V3 extension configuration
 ==============================================================================